Geek-Guy.com

Tag: code

AI, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

Claude Code GitHub Actions Flaw Created Supply Chain Attack Risk

Organizations using Claude Code GitHub Actions should review their CI/CD environments after a researcher found vulnerabilities that could expose repositories to compromise and supply chain attacks.   The flaws, which have since been patched, allowed attackers to bypass permission controls and inject untrusted input into trusted workflows.   These vulnerabilities allow “… an attacker [to] bypass its…

Read more →

AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management

Fake Claude Code Installers Deliver Credential-Stealing Malware 

Developers searching for Claude Code installation instructions could be walking into a sophisticated malware campaign that disguises itself as legitimate AI tooling documentation.  Researchers found dozens of fake Claude Code and developer platform sites designed to steal credentials, API keys, and cryptocurrency.  “The attack chain runs on the same unchecked trust that makes AI developer…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)

CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity Belgium (CCB) warned on Friday. About CVE-2026-41089 CVE-2026-41089 is a stack-based buffer overflow vulnerability in Windows Netlogon, the service and protocol that handles authentication and security within a Windows domain environment. The…

Read more →

AI, Global Security News, Risk Management

Secure Code Warrior connects developer training to AI usage and code risks

Secure Code Warrior has introduced Adaptive Learning, a capability designed to help organizations support AI software governance through targeted training based on identified risks. The feature delivers contextual microlearning and tracks outcomes at the code commit level. Software development is going through its biggest shift ever, from human-written code, to AI-assisted coding, to fully agentic…

Read more →

AI, Endpoint, Exploits, Global Security News, malware

Notepad++ vulnerabilities could enable arbitrary code execution on Windows systems

Two arbitrary code execution vulnerabilities in Notepad++ let local attackers run commands of their choice on Windows machines by tampering with the editor’s XML configuration files, with both flaws rated High at CVSS 7.8. The flaws, tracked as CVE-2026-48778 and CVE-2026-48800, affect every version of the editor up to and including 8.9.6, Notepad++ said in…

Read more →

AI, Apps, Compliance, Global Security News, Network Security

IBM and Red Hat want to become the ‘security clearinghouse’ for open source applications in the enterprise

Open source code is everywhere in the enterprise; it’s estimated that upwards of 90% of Fortune 500 companies have it in their software supply chains. But open source code is notoriously rife with vulnerabilities, and identifying and patching those bugs can be an endless battle for security teams. IBM and Red Hat are betting that…

Read more →

AI, Global Security News, Network Security

Apple open-sources quantum-resistant encryption code

Apple has released quantum-resistant cryptographic code and the mathematical verification tools it developed to prove the code’s correctness, making them publicly available for independent review and broader use across the industry. The release includes implementations of two quantum-secure algorithms, ML-KEM and ML-DSA, along with the formal verification libraries and tools Apple created to validate their…

Read more →

Exploits, Global Security News

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of 8.8. It has been assigned an important severity. “Deserialization of untrusted data in Microsoft…

Read more →

Exploits, Global Security News

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)

Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It affects the SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. About CVE-2026-45659 CVE-2026-45659 stems from Shareoint deserializing untrusted data, and may be exploited by an authenticated attacker to execute…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, malware, Risk Management

The Underground Malware-Signing-as-a-Service That Makes Ransomware Look “Verified” on Windows

The Core Technical Concept: Code Signing At the center of Microsoft’s disruption of the Fox Tempest cybercrime operation is a foundational trust mechanism that modern operating systems rely on heavily: code signing. Code signing is a cryptographic trust framework used by operating systems such as Windows to verify both the integrity and origin of executable…

Read more →

AI, Exploits, Global Security News, Risk Management

PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch

PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux local privilege escalation vulnerabilities showing up with working exploit code is not slowing down. The latest is PinTheft, discovered by the V12 security team, which affects…

Read more →

AI, Data Breaches, Global Security News

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension

Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise. “Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far,” GitHub stated. The source of the…

Read more →

AI, Data Breaches, Endpoint, Global Security News, malware

A malicious VS code extension just breached GitHub ‘s internal repositories

One employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated. TeamPCP claims credit, wants $50K. There is something almost ironic about GitHub, the platform that hosts the code for most of the world’s software, getting breached through a trojanized plugin for a code editor. But that is exactly what happened, and…

Read more →

AI, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Risk Management

Shai-Hulud worm copycats emerge after source code leak

Shai-Hulud worm copycats are already attacking NPM developers after its source code leaked, enabling fast supply chain exploitation. The first copycats of the Shai-Hulud worm have already started showing up online, only a few days after the malware’s source code was dumped on GitHub. Researchers had warned this would happen almost immediately, and they were…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Global Security News, Risk Management

Grafana confirms GitHub token breach cybercrime group claims the attack

Grafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected. Grafana Labs confirmed a security incident after the extortion group Coinbase Cartel listed it on a leak site and claimed data theft on May 15. The breach was triggered by a compromised token that gave attackers…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

Device Code Phishing Targets Microsoft 365 Users  

Cybercriminals are adopting device code phishing as a new way to bypass traditional phishing defenses and compromise enterprise Microsoft 365 accounts.  According to Proofpoint, threat actors are abusing legitimate Microsoft authentication workflows to steal authentication tokens without using traditional phishing pages.   “The spike in device code phishing coincides with publicly released criminal toolkits, and the…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Risk Management

Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945

A critical NGINX flaw (CVE-2026-42945) is actively exploited, allowing crashes or possible code execution via malicious HTTP requests. A critical vulnerability in NGINX Plus and NGINX Open, tracked as CVE-2026-42945 (CVSS v4 score of 9.2), is already being actively exploited shortly after disclosure. “We’re seeing active exploitation of CVE-2026-42945 in F5 NGINX, a heap buffer…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management

AWS Security Agent full repository code scanning feature now available in preview

Today, we’re excited to announce the preview release of full repository code review, a new capability in AWS Security Agent that performs deep, context-aware security analysis of your entire code base. AI-driven cybersecurity capabilities are advancing rapidly. AWS Security Agent can now find vulnerabilities and build working exploits across your entire code base at a…

Read more →

AI, Apps, Global Security News, malware, Network Security

Fake Claude Code takes the IElevator to your browser secrets

Developers looking for Anthropic’s increasingly popular Claude Code tool are now being lured into downloading malware. According to researchers at Ontinue, attackers are abusing a fake Claude Code installer to deliver a previously undocumented PowerShell payload. The malware is designed to evade detection, recover browser encryption material, and steal sensitive data from developer systems. “Developers…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Risk Management

New cPanel vulnerabilities could allow file access and remote code execution

cPanel fixed three flaws that could allow file reads, code execution, and privilege escalation. No active exploitation has been reported yet. cPanel has released security updates to fix three vulnerabilities affecting cPanel & WHM that could allow attackers to read files, execute code, or escalate privileges on vulnerable systems. Below are the descriptions for these…

Read more →

AI, Apps, Compliance, Cybersecurity, Data Breaches, Global Security News, Network Security, Risk Management

Train like you fight: Why cyber operations teams need no-notice drills

St. Michael’s Hospital in Toronto recently executed a full Code Orange simulation: A mass casualty emergency protocol requiring the activation of every clinical and operational team across the hospital. As a Level 1 trauma centre, it conducts large-scale exercises involving teams across the entire hospital: Emergency, surgery, communications, administration. The exercise is not a compliance…

Read more →

AI, Exploits, Global Security News, Risk Management

Critical Android vulnerability CVE-2026-0073 fixed by Google

Google patched a critical Android flaw (CVE‑2026‑0073) that lets attackers run code remotely without user action. Google released a security update for Android to address a critical remote code execution flaw, tracked as CVE‑2026‑0073, in the System component. The bug allowed attackers to run code as the shell user without needing extra permissions, or any…

Read more →

AI, Apps, Compliance, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

Android Zero-Click RCE Vulnerability Enables Remote Shell Access  

Google has released a patch for an Android vulnerability that allows remote code execution (RCE) without requiring any user interaction.  The flaw could “… lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation,” said Google in its security advisory. Inside the…

Read more →

AI, Global Security News

Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching

Claude Security, previously called Claude Code Security, is in public beta for Claude Enterprise customers. Available in Claude.ai, the capability scans codebases for security vulnerabilities and suggests targeted patches for review, helping teams identify and fix issues that might otherwise be missed. Admins can enable it in the admin console. Access for Claude Team and…

Read more →

AI, Data Breaches, Exploits, Global Security News, Risk Management

Trellix discloses the breach of a code repository

Trellix disclosed a security breach affecting part of its source code repository, however, the company says there’s no sign of code misuse. Trellix revealed a breach that allowed unauthorized access to part of its source code repository. The company said it quickly launched an investigation with forensic experts and notified law enforcement. While the exact…

Read more →

AI, Global Security News

Warp open sources its AI terminal client

Warp, the AI-centric terminal used by close to a million developers, has released the source code for its client on GitHub under the AGPL license, with OpenAI signed on as the founding sponsor of the repository. An agent-first contribution model Warp is steering contributions through Oz, its cloud agent orchestration platform. Agents handle the bulk…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management

GitHub Flaw Enables Remote Code Execution With a Single Git Push

A vulnerability in GitHub’s infrastructure could have allowed attackers to execute code on backend systems using nothing more than a standard git push command.  The flaw affected both GitHub.com and GitHub Enterprise Server (GHES), exposing millions of repositories to potential compromise before it was patched. “By exploiting an injection flaw in GitHub’s internal protocol, any…

Read more →

Cybersecurity, Global Security News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic’s Claude Opus large language model (LLM). The package in question is “@validate-sdk/v2,” which is listed on npm as a utility software development kit (SDK) for hashing, validation, encoding/decoding, and secure random generation. However,…

Read more →

AI, Exploits, Global Security News

Critical GitHub RCE bug exposed millions of repositories

A critical remote code execution (RCE) vulnerability in GitHub could potentially allow attackers to execute arbitrary code on GitHub.com and GitHub Enterprise Server. Uncovered by Wiz researchers, the now-patched bug exploited how GitHub handles server-side “git push” operations. By crafting malicious input within a standard Git push, an authenticated user could execute arbitrary commands via…

Read more →

AI, Apps, Global Security News, malware, Risk Management, Russia

More fake extensions linked to GlassWorm found in Open VSX code marketplace

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has uploaded 73 more impersonated links, as its attempt to infect software supply chains continues. Philipp Burckhardt, head of threat intelligence at Socket, which revealed the latest activity, called it a “significant escalation” in the gang’s activity, after…

Read more →

AI, Exploits, Global Security News, Risk Management

CVE-2026-3854 GitHub flaw enables remote code execution

Critical GitHub flaw CVE-2026-3854 lets attackers run code with a single git push, exploiting a command injection bug. Researchers found a critical vulnerability in GitHub, tracked as CVE-2026-3854, that allows remote code execution through a simple git push. The vulnerability affects GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, GitHub Enterprise Cloud with Enterprise…

Read more →

AI, Cybersecurity, Global Security News

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of their legitimate counterparts. Of these, six have been confirmed to be malicious, with the remaining…

Read more →

AI, Data Breaches, Global Security News, malware, Risk Management

Checkmarx supply chain attack impacts Bitwarden npm distribution path

Bitwarden CLI was hit by the Checkmarx supply chain attack. Version 2026.4.0 shipped malicious code in bw1.js via a compromised GitHub Action. Bitwarden CLI has been compromised as part of the ongoing Checkmarx supply chain campaign, researchers warn. The affected version, @bitwarden/cli 2026.4.0, contained malicious code hidden in the bw1.js file. The breach likely stemmed…

Read more →

AI, Apps, Compliance, Data Breaches, Endpoint, Global Security News, Network Security, privacy

Attacking the MCP Trust Boundary

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol (MCP), the fast-growing standard for connecting AI agents to external services, inherits that gap from the models it sits on top of. Its central…

Read more →

AI, Cybersecurity, Global Security News, Government & Policy, malware

Why the Axios attack proves AI is mandatory for supply chain security

Two weeks ago, a suspected North Korean threat actor slipped malicious code into a package within Axios, a widely used JavaScript library. The immediate concern was the blast radius: roughly 100 million weekly downloads spanning enterprises, startups, and government systems. But beyond the sheer scale, the attack’s speed was just as worrisome – a stark…

Read more →

AI, Global Security News, Risk Management

Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab

Misconfigured source code management platforms remain a common entry point in software supply chain attacks, and organizations often lack visibility into which settings put them at risk. Legitify, an open-source tool from Legit Security, addresses that gap by scanning GitHub and GitLab environments and reporting policy violations across organizations, repositories, members, and CI/CD runner groups.…

Read more →

AI, Data Breaches, Europe, Exploits, Global Security News, Network Security

ShinyHunters claim the hack of Rockstar Games breach and started leaking data

Leak of 8.1GB data tied to Rockstar Games includes anti-cheat code, game data, analytics and more, reportedly exposed by ShinyHunters. An 8.1GB data leak reportedly linked to Rockstar Games has surfaced, with files shared by ShinyHunters after being obtained via Anodot. The dataset includes anti-cheat source code, player analytics, game assets, Zendesk support tickets and…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, Network Security

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A critical pre-authentication remote code execution vulnerability in Marimo, an open-source Python notebook platform owned by AI cloud company CoreWeave, was exploited in the wild less than 10 hours after its public disclosure, according to the Sysdig Threat Research Team. The vulnerability, tracked as CVE-2026-39987 with a severity score of 9.3 out of 10, affects…

Read more →

AI, Global Security News, malware

Obfuscated JavaScript or Nothing, (Thu, Apr 9th)

I spotted an interesting piece of JavaScript code that was delivered via a phishing email in a RAR archive. The file was called “cbmjlzan.JS” (SHA256:a8ba9ba93b4509a86e3d7dd40fd0652c2743e32277760c5f7942b788b74c5285) and is only identified as malicious by 15 AV’s on VirusTotal[1]. The file is pretty big (10MB) and contains a copy of the AsmDB project lib[2]. The purpose is unknown.…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management

NomShub Vulnerability Chain Exposes Hidden Risks in AI Coding Tools

A vulnerability chain in an AI-powered code editor is raising alarms about how autonomous developer tools can be turned against their users.  Dubbed NomShub, the flaw allows attackers to gain persistent shell access simply by luring a developer into opening a malicious repository — no traditional exploit required. “When an AI agent can execute shell…

Read more →

Apps, Cybersecurity, Global Security News

How To Choose The Right Low Code Platform For Your Business Needs

Learn how to choose the right low code platform for your business needs. In today’s fast-paced business world, agility is the key to success. Low code development platforms have emerged as a valuable tool for organizations to develop and deploy business applications with minimal coding quickly.  With the right platform, businesses can improve their productivity,…

Read more →

AI, Global Security News

Microsoft releases open-source toolkit to govern autonomous AI agents

AI agents can book travel, execute financial transactions, write and run code, and manage infrastructure without human intervention at each step. Frameworks like LangChain, AutoGen, CrewAI, and Azure AI Foundry Agent Service have made this kind of autonomy straightforward to deploy. The governance infrastructure to match that autonomy has lagged behind. Microsoft released the Agent…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

Claude Code Leak Exposes AI Supply Chain Threats

A leak involving Anthropic’s Claude Code has drawn attention from the cybersecurity and developer communities, exposing internal components of the AI coding agent and introducing potential risks for organizations. “The significance of this leak is in what the code reveals about AI agent architecture. The leak exposed approximately 512,000 lines of TypeScript across roughly 1,900…

Read more →

AI, Exploits, Global Security News

EvilTokens abuses Microsoft device code flow for account takeovers

A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia researchers first spotted the toolkit “EvilTokens” that lets attackers capture authentication tokens by tricking users into completing a legitimate login process in Microsoft’s own environment. The activity, observed since at least mid-February, relies on social…

Read more →

AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management

SentinelOne autonomous detection blocks trojaned LiteLLM triggered by Claude Code

SentinelOne AI stopped a LiteLLM supply chain attack in seconds, blocking malicious code automatically without human intervention. SentinelOne’s AI-based security detected and blocked a supply chain attack involving a compromised LiteLLM package. SentinelOne’s macOS agent detected and stopped a malicious process chain triggered by Claude Code after it unknowingly installed a compromised LiteLLM package. The…

Read more →

AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management

Anthropic employee error exposes Claude Code source

An Anthropic employee accidentally exposed the entire proprietary source code for its AI programming tool, Claude Code, by including a source map file in a version of the tool posted on Anthropic’s open npm registry account, a risky mistake, says an AI expert. “A compromised source map is a security risk,” said US-based cybersecurity and…

Read more →